Name | Version |
---|---|
Operating system | Ubuntu Linux 24.04 |
Webmin version | 2.111 |
Usermin version | 2.010 |
Virtualmin version | 7.20.2 |
Authentic theme version | 21.10 |
I am handling 3rd level domain (whatever.example.com) by this redirect (since that is the way … which I was on for 14 years):
```
RewriteEngine on
# non www xxx.com to www.xxx.com
# http://stackoverflow.com/questions/4916222/htaccess-how-to-force-www-in-a-generic-way
# example.cz to www.example.cz
RewriteCond %{HTTP_HOST} ^(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^(.*)\.(.*)\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ HTTP%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{HTTP_HOST} ^([^\.]+)\.(.*)
RewriteCond %{DOCUMENT_ROOT}/%1 -d
RewriteRule ^(.*) /%1/$1 [L]
```
So I have at:
/home/example.com/htdocs/whatever
domain:
whatever.example.com
and
/home/example.com/htdocs/www
domain:
www.example.com
Now, I want an SSL cert generated by Let's Encrypt, but that would fail due to a 404 on the well-known file.
I tried to bypass this redir for that dir, like:
```
# Exclude Let's Encrypt verification directory from the rewrite rules
RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/
```
But that did not work.
Can you help me to point out where .well-known is temporarily created?
I can point my redir to that location.
I was thinking about commenting out the “unlink” command in
/usr/share/webmin/virtual-server
feature-ssl.pl, generate-letsencrypt-cert.pl, letsencrypt.cgi, virtual-server-lib-funcs.pl
… but it's too deep to edit. Especially with 5 tries / hour (from LE).
Please note that I have there like 400GB, 10+ domains, 1M+ files and it's kinda impossible to change the order of subdomains on the fly (even when I would really like to know where to simply add DYNAMIC 3rd level domain generation … since some domains have like 200+ subdomains).
But to get the trick for Let's Encrypt would be fine for now.
Please know that with this redir disabled (some domains don't require subdomains) it works like a charm.
Log:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for xxx and 6 more domains
Certbot failed to authenticate some domains (authenticator: webroot). The Certificate Authority reported these problems:
Domain: xxx.xxx.com
Type: unauthorized
Detail: 123.123.123.123: Invalid response from http://xxx.xxx.com/.well-known/acme-challenge/NqxxxxxxxxxxxxxxxxM: 404 (or 401 in some cases)
...
```
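
One way to keep the ACME HTTP-01 path out of both rewrites, as an added example that is not part of the original post and not Virtualmin's own configuration. A `RewriteCond` guards only the `RewriteRule` that directly follows it, so this uses a pass-through rule placed first instead. It assumes the challenge files are written under the document root (`/home/example.com/htdocs/.well-known/acme-challenge/`), which the post does not confirm.

```apache
RewriteEngine on

# Added example: let ACME HTTP-01 requests through untouched.
# "-" means "no substitution" and [L] stops rule processing, so neither
# the www redirect nor the subdomain-to-directory rewrite below runs.
# "^/?" lets the pattern match in both server/vhost context (leading
# slash present) and .htaccess context (leading slash stripped).
# Assumption: the webroot authenticator writes its token files to
# DOCUMENT_ROOT/.well-known/acme-challenge/ for every hostname on the cert.
RewriteRule ^/?\.well-known/acme-challenge/ - [L]

# example.cz to www.example.cz (rules from the post, unchanged)
RewriteCond %{HTTP_HOST} ^(.*)$ [NC]
RewriteCond %{HTTP_HOST} !^(.*)\.(.*)\. [NC]
RewriteCond %{HTTPS}s ^on(s)|
RewriteRule ^ HTTP%1://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

# whatever.example.com to DOCUMENT_ROOT/whatever/ (rules from the post, unchanged)
# Without the pass-through above, a validation request for
#   http://whatever.example.com/.well-known/acme-challenge/TOKEN
# is rewritten to /whatever/.well-known/acme-challenge/TOKEN, which does
# not exist when the token was written at the top of the document root.
RewriteCond %{HTTP_HOST} ^([^\.]+)\.(.*)
RewriteCond %{DOCUMENT_ROOT}/%1 -d
RewriteRule ^(.*) /%1/$1 [L]
```

Before retrying the certificate request, put a test file in that directory and fetch it over plain HTTP on each hostname, so a failed check does not use up one of the limited Let's Encrypt attempts.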